What are Certifications and Accreditation
Both certification and accreditation hold importance for information security professionals, each allows companies to remain in compliance with federal regulations influencing the protection of private information. Accreditation involves the process that authorizes an IT system to process, store, or transmit information. It is a measure that ensures the chosen technologies exist at a certain level of quality, which supports the idea of using it to complete tasks at an organization. Accreditations assure upper management that information security professionals will implement an effective solution for securing company assets. The certification process supports accreditation, by providing a comprehensive evaluation of an IT system’s technical and nontechnical security controls that establishes the extent to which a particular design and implementation meets a set of predefined security requirements. Acquiring both certification and accreditation provides companies with the assurance that its technologies will be in compliance and ensures assets work effectively to meet organizational goals.
NSTISS Certification and Accreditation
NSTISS Certification and Accreditation, or CNSS, formerly known as National Security Telecommunications and Information Systems Security Committee (NSTISSC), has a Certification and Accreditation (C&A) document titled NSTISS Instruction 1000: National Information Assurance Certification and Accreditation Process (NIACAP). The document details the minimum national standards for certifying and accrediting national security systems. The process includes a standard of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system. This process focuses on an enterprise-wide view of information systems (IS) in relation to the organization’s mission and the IS business case. The NIACAP certifies that the IS meets documented accreditation requirements and will continue to maintain the accredited security posture throughout the system life cycle. CNSS makes a comprehensive evaluation of information systems, in order to provide companies with appropriate certifications and accreditation.
ISO 27001/27002 Systems Certification and Accreditation
ISO 27001/27002 Systems Certification and Accreditation: Large corporations outside the United States apply the standards provided under the International Standards Organizations, standards ISO 27001 and 27002. Organizations who want to comply with the international standards must follow the certification process, which includes the following: companies preparing for certification of Information Security Management System (ISMS), developing and implementing a strategy for incorporating the ISMS into daily operations, training staff and implementing an ongoing program for ISMS maintenance. The next phase of the process involves the accredited certification bodies to perform an audit on ISMS. Certification will be valid for 3 years before requiring re-certification. Sometimes there is a third process that involves the certification body to visit the company site in order to monitor ISMS every 6-9 months. While each C&A process contains different procedures, each require companies to remain in compliant with federal and international law, which ensures companies implement the most secure technologies as possible.